Authentication
Auth Flow
API Authentication
Bearer Token
API Keys
Internal API

Authentication

SMO1 uses Better Auth for authentication with JWT tokens for API access.

Auth Flow

User signs in via meow-web using Better Auth (email/password, OAuth)
Better Auth issues a session
For API access, a JWT token is generated
API requests include the JWT in the Authorization header

API Authentication

Bearer Token

Authorization: Bearer &lt;jwt-token&gt;

API Keys

For programmatic access, API keys can be generated in the dashboard:

X-API-Key: &lt;api-key&gt;

Internal API

Internal service-to-service calls use the internal API key:

X-Internal-Key: &lt;internal-api-key&gt;

Purr API Rate Limiting